3.1 and LDAP

Tynan Young tynany at gmail.com
Tue Dec 1 09:34:31 CET 2015


Hi,

I've got freeradius 3.1 up and running (taken from the git repo on the
25th Nov) on Ubuntu 14.04 and am having weird issues with LDAP. Hoping
someone may be able to shed some light.

I'm using freeradius for dot1x authentication, both wireless
(peap/mschapv2) and wired via NTLM auth. The freeradius LDAP module is
used to look up Active Directory group membership and based on
membership returns the relevant Tunnel-Private-Group-Id.

The issue I'm having is that the LDAP lookup will work most of the
time, but will frequently stop working for 5-25 minutes. It will start
working again without any changes being made. To isolate LDAP
user/server issues I've tried using different user accounts and 2012
AD servers.

My freeradius config is pretty stock and I have highlighted what I
believe is the relevant LDAP config below. Please let me know if
you need any more configuration to assist.

This same LDAP config is working in 3.0.10, but I'm experiencing other
unrelated issues (I think) and that is why I am trying 3.1 (these
issues seem to be resolved in 3.1 so far).

Many thanks!

mods-config/files/authorize:
DEFAULT  Ldap-Group == "CN=test,OU=VLAN-Access,DC=in,DC=testdomain"
       Tunnel-Medium-Type = 802,
       Tunnel-Type = VLAN,
       Tunnel-Private-Group-Id = 10

mods-enabled/ldap:
ldap {
        server = 'dc1.in.testdomain'
        server = 'dc2.in.testdomain'
        identity = 'CN=ldapradiusauth,CN=users,DC=in,DC=testdomain'
        password = 'changeme'
        base_dn = 'dc=in,dc=testdomain'

        user {
                *SNIP*
                filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
                *SNIP*
        }

        group {
                *SNIP*
                membership_filter = "(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})"
                *SNIP*
        }
}

debug output for when LDAP is not working:
Debug: (7) Received Access-Request Id 155 from 192.168.6.253:41795 to
192.168.254.173:1812 via eth0 length 319
Debug: (7)   User-Name = "DOMAIN\\testuser"
Debug: (7)   NAS-IP-Address = 192.168.6.253
Debug: (7)   NAS-Port = 0
Debug: (7)   NAS-Identifier = "192.168.6.253"
Debug: (7)   NAS-Port-Type = Wireless-802.11
Debug: (7)   Calling-Station-Id = "240A64A07AA3"
Debug: (7)   Called-Station-Id = "000B869A9037"
Debug: (7)   Service-Type = Framed-User
Debug: (7)   Framed-MTU = 1100
Debug: (7)   EAP-Message =
0x0208006b190017030100604d9137ede185960c664a078e8b48cc5082037cb862005ef9b5fcd5c382b38ec0169fe33226ba383903ad774f0d68d2570bb96ded52f75b9306047481284bea8329db0f25c65a2e3df1f0ee5e4e774ff8b1bd22e83e8c31e9525a60f8fa16ca2e
Debug: (7)   State = 0xee38dd6d6038ae2de9d2789435e4c640
Debug: (7)   Aruba-Essid-Name = "bandit"
Debug: (7)   Aruba-Location-Id = "ap1"
Debug: (7)   Aruba-AP-Group = "grp1"
Debug: (7)   Aruba-Device-Type = "Win 7"
Debug: (7)   Message-Authenticator = 0xf0ea95380ec91f06d36168bc3de93a19
Debug: (7) No &session-state attributes to restore
Debug: (7) # Executing section authorize from file
/etc/freeradius/sites-enabled/default
Debug: (7)   authorize {
Debug: (7)     policy filter_username {
Debug: (7)       if (!&User-Name){
Debug: (7)       if (!&User-Name) -> FALSE
Debug: (7)       if (&User-Name =~ / /){
Debug: No matches
Debug: (7)       if (&User-Name =~ / /) -> FALSE
Debug: (7)       if (&User-Name =~ /@.*@/ ){
Debug: No matches
Debug: (7)       if (&User-Name =~ /@.*@/ ) -> FALSE
Debug: (7)       if (&User-Name =~ /\.\./ ){
Debug: No matches
Debug: (7)       if (&User-Name =~ /\.\./ ) -> FALSE
Debug: (7)       if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)){
Debug: No matches
Debug: (7)       if ((&User-Name =~ /@/) && (&User-Name !~
/@(.+)\.(.+)$/)) -> FALSE
Debug: (7)       if (&User-Name =~ /\.$/){
Debug: No matches
Debug: (7)       if (&User-Name =~ /\.$/) -> FALSE
Debug: (7)       if (&User-Name =~ /@\./){
Debug: No matches
Debug: (7)       if (&User-Name =~ /@\./) -> FALSE
Debug: (7)     } # policy filter_username = notfound
Debug: (7)     modsingle[authorize]: calling preprocess (preprocess)
for request 7
Debug: (7) preprocess: Comparing name "DOMAIN\testuser" and check value ".ppp"
Debug: (7) preprocess: Comparing name "DOMAIN\testuser" and check value ".slip"
Debug: (7) preprocess: Comparing name "DOMAIN\testuser" and check value ".cslip"
Debug: (7)     modsingle[authorize]: returned from preprocess
(preprocess) for request 7
Debug: (7)     [preprocess] = ok
Debug: (7)     modsingle[authorize]: calling chap (chap) for request 7
Debug: (7)     modsingle[authorize]: returned from chap (chap) for request 7
Debug: (7)     [chap] = noop
Debug: (7)     modsingle[authorize]: calling mschap (mschap) for request 7
Debug: (7)     modsingle[authorize]: returned from mschap (mschap) for request 7
Debug: (7)     [mschap] = noop
Debug: (7)     modsingle[authorize]: calling digest (digest) for request 7
Debug: (7)     modsingle[authorize]: returned from digest (digest) for request 7
Debug: (7)     [digest] = noop
Debug: (7)     modsingle[authorize]: calling suffix (realm) for request 7
Debug: (7) suffix: Checking for suffix after "@"
Debug: (7) suffix: No '@' in User-Name = "DOMAIN\testuser", looking up
realm NULL
Debug: (7) suffix: No such realm "NULL"
Debug: (7)     modsingle[authorize]: returned from suffix (realm) for request 7
Debug: (7)     [suffix] = noop
Debug: (7)     modsingle[authorize]: calling ntdomain (realm) for request 7
Debug: (7) ntdomain: Checking for prefix before "\"
Debug: (7) ntdomain: Looking up realm "DOMAIN" for User-Name = "DOMAIN\testuser"
Debug: (7) ntdomain: Found realm "DOMAIN"
Debug: (7) ntdomain: Adding Stripped-User-Name = "testuser"
Debug: (7) ntdomain: Adding Realm = "DOMAIN"
Debug: (7) ntdomain: Authentication realm is LOCAL
Debug: (7)     modsingle[authorize]: returned from ntdomain (realm)
for request 7
Debug: (7)     [ntdomain] = ok
Debug: (7)     modsingle[authorize]: calling eap (eap) for request 7
Debug: (7) eap: Peer sent EAP Response (code 2) ID 8 length 107
Debug: (7) eap: Continuing tunnel setup
Debug: (7)     modsingle[authorize]: returned from eap (eap) for request 7
Debug: (7)     [eap] = ok
Debug: (7)   } # authorize = ok
Debug: (7) Found Auth-Type = EAP
Debug: (7) # Executing group from file /etc/freeradius/sites-enabled/default
Debug: (7)   authenticate {
Debug: (7)     modsingle[authenticate]: calling eap (eap) for request 7
Debug: (7) eap: Got eap_session_t 0x1fd38a0 from request data
Debug: (7) eap: Peer sent packet with method EAP PEAP (25)
Debug: (7) eap: Calling submodule eap_peap to process data
Debug: (7) eap_peap: Continuing EAP-TLS
Debug: (7) eap_peap: Peer sent flags --------
Debug: (7) eap_peap: Got complete TLS record (101 bytes)
Debug: (7) eap_peap: [eap-tls verify] = ok
Debug: (7) eap_peap: [eap-tls process] = ok
Debug: (7) eap_peap: Session established.  Decoding tunneled attributes
Debug: (7) eap_peap: PEAP state phase2
Debug: (7) eap_peap: EAP method MSCHAPv2 (26)
Debug: (7) eap_peap: Got tunneled request
Debug: (7) eap_peap:   EAP-Message =
0x0208004e1a02080049317ef3bc67cb921089a4502f961e0e3e93000000000000000040fbef6cb5343fc997e0c4bee9af0168efc513c085e0344b004652455348564945575c74796e616e74657374
Debug: (7) eap_peap: Setting &request:User-Name from tunnel
(protected) identity "DOMAIN\testuser"
Debug: (7) eap_peap: Sending tunneled request to inner-tunnel
Debug: (7) eap_peap: Adding eap_session_t 0x1fe9a90 to fake request
Debug: (7) Added request data 0x1fe9a90 at (nil):1
Debug: (7) Virtual server inner-tunnel received request
Debug: (7)   EAP-Message =
0x0208004e1a02080049317ef3bc67cb921089a4502f961e0e3e93000000000000000040fbef6cb5343fc997e0c4bee9af0168efc513c085e0344b004652455348564945575c74796e616e74657374
Debug: (7)   FreeRADIUS-Proxied-To = 127.0.0.1
Debug: (7)   User-Name = "DOMAIN\\testuser"
Debug: (7) server inner-tunnel {
Debug: (7)   No &request:State attribute, can't restore &session-state
Debug: (7)   # Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
Debug: (7)     authorize {
Debug: (7)       modsingle[authorize]: calling chap (chap) for request 7
Debug: (7)       modsingle[authorize]: returned from chap (chap) for request 7
Debug: (7)       [chap] = noop
Debug: (7)       modsingle[authorize]: calling mschap (mschap) for request 7
Debug: (7)       modsingle[authorize]: returned from mschap (mschap)
for request 7
Debug: (7)       [mschap] = noop
Debug: (7)       modsingle[authorize]: calling suffix (realm) for request 7
Debug: (7) suffix: Checking for suffix after "@"
Debug: (7) suffix: No '@' in User-Name = "DOMAIN\testuser", looking up
realm NULL
Debug: (7) suffix: No such realm "NULL"
Debug: (7)       modsingle[authorize]: returned from suffix (realm)
for request 7
Debug: (7)       [suffix] = noop
Debug: (7)       modsingle[authorize]: calling ntdomain (realm) for request 7
Debug: (7) ntdomain: Checking for prefix before "\"
Debug: (7) ntdomain: Looking up realm "DOMAIN" for User-Name = "DOMAIN\testuser"
Debug: (7) ntdomain: Found realm "DOMAIN"
Debug: (7) ntdomain: Adding Stripped-User-Name = "testuser"
Debug: (7) ntdomain: Adding Realm = "DOMAIN"
Debug: (7) ntdomain: Authentication realm is LOCAL
Debug: (7)       modsingle[authorize]: returned from ntdomain (realm)
for request 7
Debug: (7)       [ntdomain] = ok
Debug: (7)       update control {
Debug: (7)         &Proxy-To-Realm := LOCAL
Debug: (7)       } # update control = noop
Debug: (7)       modsingle[authorize]: calling eap (eap) for request 7
Debug: (7) eap: Peer sent EAP Response (code 2) ID 8 length 78
Debug: (7) eap: Continuing on-going EAP conversation
Debug: (7)       modsingle[authorize]: returned from eap (eap) for request 7
Debug: (7)       [eap] = updated
Debug: (7)       modsingle[authorize]: calling files (files) for request 7
Debug: (7) files: Searching for user in group
"CN=test,OU=VLAN-Access,DC=in,DC=testdomain"
Debug: rlm_ldap (ldap): Reserved connection (0)
Debug: (7) files: EXPAND TMPL XLAT
Debug: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
Debug: Parsed xlat tree:
Debug: literal --> (sAMAccountName=
Debug: if {
Debug: attribute --> Stripped-User-Name
Debug: }
Debug: else {
Debug: attribute --> User-Name
Debug: }
Debug: literal --> )
Debug: (7) files: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
Debug: (7) files:    --> (sAMAccountName=testuser)
Debug: (7) files: EXPAND TMPL LITERAL
Debug: (7) files: Performing search in "dc=in,dc=DOMAIN" with filter
"(sAMAccountName=testuser)", scope "sub"
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Deleting inviable connection (0)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 6 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (5), 1 of 28
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was
idle for 135 seconds
Debug: rlm_ldap: Closing libldap handle 0x1f9e9d0
Info: rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was
idle for 135 seconds
Debug: rlm_ldap: Closing libldap handle 0x1f9e180
Info: rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was
idle for 135 seconds
Debug: rlm_ldap (ldap): You probably need to lower "min"
Debug: rlm_ldap: Closing libldap handle 0x1f8c9e0
Info: rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was
idle for 135 seconds
Debug: rlm_ldap (ldap): You probably need to lower "min"
Debug: rlm_ldap: Closing libldap handle 0x1f8bee0
Debug: rlm_ldap (ldap): Reserved connection (5)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Deleting inviable connection (5)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 3 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (6), 1 of 32
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Reserved connection (6)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Deleting inviable connection (6)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 3 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (7), 1 of 32
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Reserved connection (7)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Deleting inviable connection (7)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 3 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (8), 1 of 32
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Reserved connection (8)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Info: rlm_ldap (ldap): Deleting inviable connection (8)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 3 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (9), 1 of 32
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Reserved connection (9)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Error: rlm_ldap (ldap): Bind with
CN=ldapradiusauth,CN=users,DC=in,DC=testdomain to
ldap://dc1.in.testdomain:389 ldap://dc2.in.testdomain:389 failed:
Timed out while waiting for server to respond
Unable to chase referral
"ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain"
(-5: Timed out)
Info: rlm_ldap (ldap): Deleting inviable connection (9)
Debug: rlm_ldap: Closing libldap handle 0x1f60190
Info: rlm_ldap (ldap): Need 3 more connections to reach 10 spares
Info: rlm_ldap (ldap): Opening additional connection (10), 1 of 32
pending slots used
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): New libldap handle 0x1f60190
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Reserved connection (10)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
ERROR: (7) files: Hit reconnection limit


Debug output for when LDAP is working:
Debug: (7) files: EXPAND (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})
Debug: (7) files:    --> (sAMAccountName=testuser)
Debug: (7) files: EXPAND TMPL LITERAL
Debug: (7) files: Performing search in "dc=in,dc=DOMAIN" with filter
"(sAMAccountName=testuser)", scope "sub"
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://ForestDnsZones.in.testdomain/DC=ForestDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Waiting for bind result...
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: rlm_ldap (ldap): Bind successful
Debug: (7) files: User object found at DN
"CN=testuser,OU=users,DC=in,DC=testdomain"
Debug: (7) files: Checking for user in group objects
Debug: (member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
Debug: Parsed xlat tree:
Debug: literal --> (member:1.2.840.113556.1.4.1941:=
Debug: attribute --> LDAP-UserDN
Debug: literal --> )
Debug: (7) files:   EXPAND
(member:1.2.840.113556.1.4.1941:=%{control:Ldap-UserDn})
Debug: (7) files:      -->
(member:1.2.840.113556.1.4.1941:=CN\3dtestuser\2cOU\3dUsers\2cDC\3din\2cDC\3dtestdomain)
Debug: (7) files:   Waiting for bind result...
Debug: (7) files:   Bind successful
Debug: (7) files:   Performing search in
"CN=test,OU=VLAN-Access,DC=in,DC=testdomain" with filter
"(member:1.2.840.113556.1.4.1941:=CN\3dtestuser\2cOU\3dUsers\2cDC\3din\2cDC\3dtestdomain",
scope "sub"
Debug: (7) files:   Waiting for search result...
Debug: (7) files: User found in group object
"CN=test,OU=VLAN-Access,DC=in,DC=testdomain"
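
A small triage aid for traces like the failing one above, added here as an example and not part of the original post: it rejoins the lines folded by the mail client and tallies the rlm_ldap events that make up the retry loop (referral rebinds, deleted connections, search timeouts, reconnection limit). The sample input is constructed from lines in the post, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: lines abridged from the failing trace in the post,
# keeping the mail client's line folding so the unwrap step has work to do.
SAMPLE = """\
Debug: rlm_ldap (ldap): Connecting to ldap://dc1.in.testdomain:389
ldap://dc2.in.testdomain:389
Debug: rlm_ldap (ldap): Reserved connection (5)
Debug: (7) files: Waiting for search result...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://in.testdomain/CN=Configuration,DC=in,DC=testdomain
Info: rlm_ldap (ldap): Deleting inviable connection (5)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
Debug: rlm_ldap (ldap): Rebinding to URL
ldap://DomainDnsZones.in.testdomain/DC=DomainDnsZones,DC=in,DC=testdomain
Info: rlm_ldap (ldap): Deleting inviable connection (6)
WARNING: (7) files: Search failed: Timed out while waiting for server
to respond. Got new socket, retrying...
ERROR: (7) files: Hit reconnection limit
"""

LEVEL = re.compile(r"^(Debug|Info|WARNING|Warning|ERROR|Error):")
HOST = re.compile(r"ldap://([^/:\s]+)")
DELETED = re.compile(r"Deleting inviable connection \((\d+)\)")


def unwrap(text):
    """Rejoin folded lines: a line without a level prefix continues the previous one."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if LEVEL.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out


def summarise(text):
    """Tally the rlm_ldap events that make up the retry loop in a debug trace."""
    configured, rebinds, deleted = set(), Counter(), []
    timeouts, limit_hit = 0, False
    for line in unwrap(text):
        deleted_match = DELETED.search(line)
        if "Connecting to" in line:
            # Servers the connection pool was told to use
            configured.update(h.lower() for h in HOST.findall(line))
        elif "Rebinding to URL" in line:
            # Hosts contacted while following a referral
            rebinds.update(h.lower() for h in HOST.findall(line))
        elif deleted_match:
            deleted.append(int(deleted_match.group(1)))
        elif "Search failed: Timed out" in line:
            timeouts += 1
        elif "Hit reconnection limit" in line:
            limit_hit = True
    return {
        "configured_servers": sorted(configured),
        "rebind_hosts": dict(rebinds),
        "rebinds_outside_config": sorted(set(rebinds) - configured),
        "connections_deleted": deleted,
        "search_timeouts": timeouts,
        "reconnection_limit_hit": limit_hit,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```
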

